IN THE CLAIMS

Please amend the claims as follows: 

1. (Currently Amended) A method for generating temporarily assigned identity information,
comprising:

authenticating identity information associated with a request received from a requestor
for accessing a service, wherein the request is sent from the requestor to the service and
intercepted for processing unbeknownst to the requestor;

generating temporarily assigned identity information for the requestor, wherein the
temporarily assigned identity information is in a syntax and format recognized by the service;

updating a protected identity directory with the temporarily assigned identity information;
and

directly transmitting the request and the temporarily assigned identity information to the
service on behalf of the requestor, wherein the service accesses the protected identity directory
with the temporarily assigned identity information to authenticate the requestor for access, and
wherein the temporarily assigned identity information is in a syntax and semantic format
recognized and expected by the service for authenticating access to the service.

2. (Original) The method of claim 1 further comprising: 

generating a mapping between the identity information and the temporarily assigned 
identity information; and 

storing the mapping in a local identity mapping store. 

3. (Original) The method of claim 2 further comprising, synchronizing the local identity 
mapping store and the mapping with one or more addition local identity mapping stores. 

4. (Original) The method of claim 1 wherein the generating further includes assembling an 
aggregate identity configuration for the requestor from one or more authoritative identity stores 
before generating the temporarily assigned identity information. 

5. (Original) The method of claim 1 further comprising, removing the temporarily assigned
identity information from the protected identity directory after detecting a terminating event that 
terminates the authenticity of the temporarily assigned identity information. 

6. (Original) The method of claim 5 further comprising recycling a storage space occupied 
by the temporarily assigned identity information for use in a subsequent iteration of the method. 

7. (Original) The method of claim 1 further comprising: 

detecting dynamic changes made on at least a portion of the identity information, wherein 
the changes are detected within the protected identity directory; and 

synchronizing the temporarily assigned identity information with the changes. 

8. (Original) The method of claim 1 further comprising: 

detecting dynamic changes made on at least a portion of the identity information, wherein 
the changes are detected within the protected identity directory; and 

synchronizing the changes with one or more authoritative identity stores impacted by the 
changes. 

9. (Original) The method of claim 1 further comprising: 

detecting changes made on at least a portion of the identity information, wherein the 
changes are detected within the protected identity directory; and 

logging the changes for subsequent update with one or more authoritative identity stores 
impacted by the changes. 

10. (Currently Amended) A method for generating temporarily assigned identity information,
comprising:

acquiring a request for a service from a requestor and unbeknownst to the requestor that
makes the request directly to the service;

authenticating the request;

compiling an identity configuration for the request; 

generating temporarily assigned identity information for the request using the identity 
configuration; and 

directly transmitting the temporarily assigned identity information and the request to the 
service on behalf of the requestor, wherein the temporarily assigned identity information is in a 
syntax and semantic format recognized by the service for authenticating the requestor for access 
to the service.

11. (Currently Amended) The method of claim 10 wherein acquiring the intercepting further
includes, transmitting intercepting the request, wherein where the request originates from a
requestor's service over an insecure network.

12. (Original) The method of claim 10 wherein the transmitting further includes, transmitting 
the temporarily assigned identity information and the request to the service within a secure 
network. 

13. (Original) The method of claim 10 further comprising accessing, by the service, a 
protected identity directory to authenticate the request using the temporarily assigned identity 
information. 

14. (Original) The method of claim 10 further comprising:

acquiring an additional request issued from a same-requestor that is associated with the
request, wherein the additional request is for an additional service;

authenticating the additional request; and

transmitting the temporarily assigned identity information and the additional request to 
the additional service. 

15. (Original) The method of claim 10 further comprising, forcing the temporarily assigned
identity information to expire upon detection of a terminating event. 

16. (Currently Amended) The method of claim 10 wherein the compiling further includes
aggregating identity policies from one or more authoritative identity stores, wherein the identity 
policies are associated with [[a]] the requestor that issued the request for the service. 

17. (Currently Amended) An identity information management system, comprising:

a proxy server that intercepts requests made for services, wherein the requests are
associated with requestors, and wherein the requests are made from the requestors directly to the
services and are processed by the proxy server unbeknownst to the requestors that made them;

a local identity mapping store for housing mappings between temporarily assigned 
identity information and identity configurations, the temporarily assigned identity information 
and the identity configurations are generated from identity information provided with the 
requests; and 

a protected identity directory updated with the temporarily assigned identity information 
and accessed by the services in order to authenticate the requests, wherein the requests and the 
temporarily assigned identity information are directly transmitted to the services on behalf of the 
requestors by the proxy server and wherein the temporarily assigned identity information is in a 
syntax and semantic format recognized by the services for authenticating access to the services.

18. (Original) The identity information management system of claim 17 further comprising a
local identity mapping store synchronizer that synchronizes the mappings in the local identity 
mapping store with one or more additional local identity mapping stores. 

19. (Original) The identity information management system of claim 17 wherein the local 
identity mapping store, the protected identity mapping store, and the services are accessible from 
a secure network. 

20. (Original) The identity information management system of claim 17 wherein the identity
configurations are generated from one or more authoritative data stores associated with the 
requestors. 

21. (Original) The identity information management system of claim 17, wherein the identity
information includes at least one of an identification, a password, a certificate, a token, a 
biometric value, a hardware value, a network connection value, and a time value. 

22. (Original) The identity information management system of claim 17, the temporarily
assigned identity information is monitored and removed them from the protected identity 
directory and the local identity mapping store when terminating events are detected. 

23. (Original) The identity information management system of claim 17, wherein the
temporarily assigned identity information is randomly or deterministically generated. 

24. (Original) The identity information management system of claim 17, a storage space 
associated with the temporarily assigned identity information is recycled or reused. 

25. (Currently Amended) A data store residing in a computer-readable medium, for
managing identity information, the data store comprising:

identity configuration information generated in response to a request made from a
requestor for a service, wherein the request is made from the requestor directly to the service and
the identity configuration information is generated unbeknownst to the requestor; and

temporarily assigned identity information generated for the identity configuration and
used by the service for authenticating the requestor, wherein the temporarily assigned identity
information is sent to the service unbeknownst to and on behalf of the requestor and the
temporarily assigned identity information is in a syntax and semantic format recognized by the
service for authenticating the requestor for access to the service.

26. (Original) The data store of claim 25 further comprising a mapping that links the identity 
configuration with the temporarily assigned identity information, wherein the mapping is 
accessed for transmitting the temporarily assigned identity information along with the request to 
the service on behalf of the requestor. 

27. (Original) The data store of claim 26 wherein the mapping is accessed for purposes of 
updating a protected identity directory that is accessed by the service in order to authenticate the 
request by using the temporarily assigned identity information. 

28. (Original) The data store of claim 26 wherein the identity configuration, the temporarily 
assigned identity information, and the mapping are shared and managed within the data store by 
a managing service and at least one additional service. 

29. (Original) The data store of claim 26 wherein the mapping is cached and accessible for 
subsequent uses. 

30. (Original) The data store of claim 26 wherein the mapping includes a collection of 
additional identity information which is not part of the identity information sent to the requestor. 

31. (Original) The data store of claim 25 wherein the temporarily assigned identity
information is a subset of identity information associated with the requestor. 

32. (Original) The data store of claim 25 wherein the data store is a local identity mapping
data store managed by a managing service and the data store is synchronized with another 
identity mapping store that is managed by another service. 

33. (Original) The data store of claim 25 wherein the data store cannot be directly accessed 
by the service. 

34. (Original) The data store of claim 25 wherein the data store is directly accessed by the 
service. 



